Tag Archives: beacon

Defending against Windows RDP attacks

In 2020, attacks against Windows Remote Desktop Protocol (RDP) grew by 768%, according to ESET. But this shouldn’t come as a surprise, given the massive increase in people working remotely during the pandemic. With enterprises resorting to making RDP services publicly available, hackers have taken notice. Some DDoS attacks are leveraging RDP servers to amplify their effect, and malware like Trickbot is employing scanners to identify vulnerable open RDP ports. When it comes to remote … More ? The post Defending against Windows RDP attacks appeared first on Help Net Security .

See more here:
Defending against Windows RDP attacks

DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency

Netscout announced findings from its bi-annual Threat Intelligence Report, punctuated by a record-setting 10,089,687 DDoS attacks observed during 2020. Cybercriminals exploited vulnerabilities exposed by massive internet usage shifts since many users were no longer protected by enterprise-grade security. Attackers paid particular attention to vital pandemic industries such as e-commerce, streaming services, online learning, and healthcare generating a 20% year-over-year increase in attack frequency over 2019 plus a 22% increase in the last six months of … More ? The post DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency appeared first on Help Net Security .

Read More:
DDoS attack activity: 10 million-plus attacks and 22% increase in attack frequency

Week in review: PHP supply chain attack, common zero trust traps, hardening CI/CD pipelines

Here’s an overview of some of last week’s most interesting news and articles: Attackers tried to insert backdoor into PHP source code The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. The growing threat to CI/CD pipelines By hardening CI/CD pipelines and addressing security early in the development process, developers can deliver software faster and more securely. DDoS attacks in 2021: What to … More ? The post Week in review: PHP supply chain attack, common zero trust traps, hardening CI/CD pipelines appeared first on Help Net Security .

Continued here:
Week in review: PHP supply chain attack, common zero trust traps, hardening CI/CD pipelines

5G network slicing vulnerability leaves enterprises exposed to cyberattacks

AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental vulnerability has the potential to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network, leaving enterprise customers exposed to malicious cyberattack. The issue has the potential to cause significant security risks to enterprises using network slicing and undermine operators’ attempts to open … More ? The post 5G network slicing vulnerability leaves enterprises exposed to cyberattacks appeared first on Help Net Security .

View original post here:
5G network slicing vulnerability leaves enterprises exposed to cyberattacks

Insights for navigating a drastically changing threat landscape

In a recent report, Trend Micro announced it detected 119,000 cyber threats per minute in 2020 as home workers and infrastructure came under new pressure from attacks. Attacks on homes surged The report also shows that home networks were a major draw last year for cybercriminals looking to pivot to corporate systems, or compromise and conscript IoT devices into botnets. Attacks on homes surged 210% to reach nearly 2.9 billion—amounting to 15.5% of all homes. … More ? The post Insights for navigating a drastically changing threat landscape appeared first on Help Net Security .

See the original post:
Insights for navigating a drastically changing threat landscape

Extortion demands grow as cybercriminals target new online industries

There was a 154 percent increase in the number of attacks between 2019 and 2020, with growth in ransom-related DDoS (RDDoS) attacks and a rise in use of existing attack vectors, including web applications, a Neustar report reveals. The report also provides key details around the amount, size, duration and intensity of DDoS attacks throughout 2020 to keep cybersecurity professionals informed. DDoS extortion demands on the rise Primarily, the report highlights a rise in ransom-related … More ? The post Extortion demands grow as cybercriminals target new online industries appeared first on Help Net Security .

More:
Extortion demands grow as cybercriminals target new online industries

What analytics can unveil about bot mitigation tactics

25% of internet traffic on any given day is made up of bots, the Kasada Research Team has found. In fact, there is a synthetic counterpart for almost every human interaction online. Bot mitigation tactics These bots work to expose and take advantage of vulnerabilities at a rapid pace, stealing critical personal and financial data, scraping intellectual property, installing malware, contributing to DDoS attacks, distorting web analytics and damaging SEO. Luckily, tools, approaches, solutions and … More ? The post What analytics can unveil about bot mitigation tactics appeared first on Help Net Security .

More:
What analytics can unveil about bot mitigation tactics

Spamhaus Intelligence API: Free threat intelligence data for security developers

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies. The API features live and historical data, including bot names, first seen dates, … More ? The post Spamhaus Intelligence API: Free threat intelligence data for security developers appeared first on Help Net Security .

See the original article here:
Spamhaus Intelligence API: Free threat intelligence data for security developers

Cyber insurance claims on the rise

External attacks on companies result in the most expensive cyber insurance losses, but it is employee mistakes and technical problems that are the most frequent generator of claims by number, according to a report from Allianz Global Corporate & Specialty (AGCS). The study analyzes 1,736 cyber-related insurance claims worth EUR 660mn (US$ 770mn) involving AGCS and other insurers from 2015 to 2020. “Losses from incidents such as distributed denial of service (DDoS) attacks or phishing … More ? The post Cyber insurance claims on the rise appeared first on Help Net Security .

Read More:
Cyber insurance claims on the rise

Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)

Earlier this week SonicWall patched 11 vulnerabilities affecting its Network Security Appliance (NSA). Among those is CVE-2020-5135, a critical stack-based buffer overflow vulnerability in the appliances’ VPN Portal that could be exploited to cause denial of service and possibly remote code execution. About CVE-2020-5135 The SonicWall NSAs are next-generation firewall appliances, with a sandbox, an intrusion prevention system, SSL/TLS decryption and inspection capabilities, network-based malware protection, and VPN capabilities. CVE-2020-5135 was discovered by Nikita Abramov … More ? The post Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135) appeared first on Help Net Security .

Originally posted here:
Critical flaw in SonicWall’s firewalls patched, update quickly! (CVE-2020-5135)